About this Guide


This guide will help you to run Qualys Vulnerability Management and Policy Compliance 
scans on your ESXi hosts through vCenter. We'll help you get started quickly! 


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and 
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses 
simplify security operations and lower the cost of compliance by delivering critical 
security intelligence on demand and automating the full spectrum of auditing, 
compliance and protection for IT systems and web applications. 


Founded in 1999, Qualys has established strategic partnerships with leading managed 
service providers and consulting organizations including Accenture, BT, Cognizant 
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, 
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a
founding member of the Cloud Security Alliance (CSA). For more information, please visit
www.qualys.com


Contact Qualys Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 
24 hours a day. Access support information at www.qualys.com/support/ 
Get Started


We now have the ability to run vulnerability and compliance scans on your ESXi hosts 
through vCenter. 


Before you begin, you will need to understand your VMware environment. If your
organization has multiple vCenter deployments managed by different authentication
mechanisms (e.g. different Active Directory domains, or some domains connected by
Active Directory while others are not), you will need to set up multiple vCenter and
ESXi records.


There are two ways to gather vCenter map data:
1. Using the Qualys map feature.
2. Using a map file provided by your VMware administrator. If you are using a map file
provided by your VMware administrator, please skip to Appendix A - Using a map
from a VMware administrator.


Requirements: 


- This feature is supported in Qualys 8.14 and later. If you are running on a Private Cloud
Platform (PCP), please make sure that your Qualys Cloud Platform is updated to version
8.14 or later.
- An account set up to access vCenter with the proper credentials.
- A list of the vCenter IPs.


Caveat: 


We have a single control that's currently not supported using the scanning method 
described in this document: 


8972 Status of the users with shell access on the host 
Setting up Qualys to map using vCenter


To create a vCenter map using the Qualys map feature, you will need to obtain an account 
with the proper rights to perform ESX/ESXi host discovery. In order to perform the 
discovery using the Qualys map feature, authentication will need to be performed. 


1. Request vCenter credentials
To successfully authenticate and scan each ESXi host, we'll need a vCenter account with:
- Read only access to the ESXi host
- In addition to read-only access, permissions to:

   Global.Settings               Expand Global and select “Settings”
   Host.Config.Change.Settings   Expand Host > Configuration and select “Change settings”


2. Request a list of vCenter IP Addresses 
Request a list of vCenter IP addresses from your VMware Administrator. 


3. Create a vCenter authentication record 


a. Go to Scan > Authentication > New > VMware > VMware ESXi Record > vCenter
Record.


b. In the Login Credentials section, select the authentication type and enter the 
credentials that you were provided. 




c. In the Target Configuration section, update the settings to match your
environment.


d. In the IPs section, input the target list of vCenter IPs/IP Ranges. 
Create a Map


In order to create a map using Qualys we will use the Map feature located in Qualys 
Vulnerability Management. The steps to perform the automated map discovery scan are 
below: 


1. Create a map Option Profile and define the authentication method used to launch the
map for guest and host discovery.

a. Go to Scan » Option Profiles » New » Option Profile.
b. Provide an appropriate title for the Option Profile.
c. Go to the Map section:
- Under Perform Basic Information Gathering on, select All Hosts.
- Under the Authentication section of the option profile, select vCenter
authentication for ESX/ESXi host discovery.




d. Click Save 


2. Launch the discovery map by going to Scans > Maps > New > Map. Provide the following 
map settings and then click Launch. 


a. Select the option profile you created in the previous step for the map. 


b. In the Target Domains section, you'll need to provide the vCenter host IP 
addresses as the target of the map. 




3. View and download your map results. 
a. To view your map results go to Scans > Map and from the Quick Actions menu
select View Report for the map you created.


Map Results (sample report)

Report Summary
Domain: none:[10.10.34.104,10.10.36.209]
Network: Global Default Network
Type: On demand
Status: Finished
Title: vCenter host discovery scan
Launch Date: 07/27/2018 at 12:55:41 (GMT-0700)
Reference: map/1532721306.63739
Duration: 00:00:23
Total Hosts Found: 9
Scanner Appliance: SV. VScanner1 (Scanner 9.10.21-1, Vulnerability Signatures 2.4.284-2)
Option Profile: vCenter auth for ESX/ESXi host discovery

Results: none (9)
Columns: IP, DNS, NetBIOS, Router, OS
10.10.0.10     bartqualys.com     10.11.51.2
10.10.34.104   COMVCENTER55     10.10.0.10     Windows Vista / Windows 2008 / Windows 7 / Windows 2012 / Windows 8
10.10.34.108   cdesxi55v-34-108.qualys.com     VMware ESXi 5.5.0
10.10.34.196   esxi-51-34-196.qualys.com     VMware ESXi 5.1.0
10.10.35.107   esxi60u1-35-107.com2012r2.qualys.com     VMware ESXi 6.0.0
10.10.36.69    pat-esxi60-36-69.qualys.com     VMware ESXi 6.0.0
10.10.36.209   10.10.0.10     Ubuntu / Tiny Core Linux / Linux 2.6.x
10.11.51.2
10.1170.115    comesxi60     VMware ESXi 6.0.0
b. Download Map results as CSV. We will use the downloaded file in upcoming steps.
In the map results, go to File » Download, and select CSV format. Click Download.




The vCenter and ESXi mapping data is auto populated as a result of your discovery map 
scan. To see the mapping data, go to Scans > Authentication > New > VMware... > 
vCenter Mapping List. For each mapping record in the list, the Data Source column 
indicates whether the record is the result of an uploaded CSV file (“File”) or the result 
of a discovery map scan (“Map Scan”). 


[Screenshot: vCenter ESXi Mapping Data list, with columns vCenter IP, ESXi IP, Network,
Data Source and Created Date]
Register and organize vCenter and ESXi Assets


In this step we will be registering the IPs in your subscription and creating an Asset Group.


Please note: If your subscription has the Networks feature enabled, you will need to
repeat this step to register the IPs in the proper Network.


1. Make sure that you have the IP Addresses of vCenter and ESXi hosts available.
2. Go to Assets » Host Assets » New » IP Tracked Hosts.
3. Click the Host IPs tab.
4. Paste the list of vCenter and ESXi IPs in the Host IPs tab (if applicable under the proper
network).
5. Click Add, then Apply.
6. Then, go to Assets » Asset Groups » New Asset Group.
7. Provide an appropriate title (and network if applicable) for the Asset Group.
8. Under IPs paste the ESXi host IPs in the group.
9. Click Save.


Scan ESXi hosts on vCenter 
Get Started 


Create a VMware ESXi Record 


Whether you have used a vCenter Map from a VMware Administrator or used the Qualys 
Map, the list of ESXi IPs will need to be copied from the map file. 


1. Open the file that contains the ESXi IP addresses. 
2. Copy all of the IP addresses in the list. 


3. Create a new VMware ESXi Record. Go to Scans > Authentication > New > VMware ESXi
Record > VMware ESXi Record.


4. Complete the following information in the record: 


a. Record title 


b. Under Login Credentials select: Use vCenter 


c. Under IPs, paste the list of IPs that you have just copied.


d. Under Scan Disconnected ESXi Hosts via vCenter, select the Disconnected ESXi 
option to scan ESXi hosts without sending any data to the host. By default, this 
option is clear (un-selected). 
Manage vCenter and ESXi Mapping Data
You can search, download, delete, and purge the vCenter and ESXi Mapping Data.


Go to Scans » Authentication » New » VMware... » vCenter Mapping List. The Data Source
column in the vCenter and ESXi Mapping Data screen shows whether your mapping was
done via a file or a discovery map scan.


[Screenshot: vCenter ESXi Mapping Data list, with the Actions, Search, Download CSV and
Purge controls and the columns vCenter IP, ESXi IP, Network, Data Source and Created Date]


Search: This option allows you to search for a specific vCenter IP Address or ESXi IP 
Address. You can further filter the data under file or discovery map scan. 




Download CSV: Download the vCenter and ESXi Mapping data in CSV format. If you have
searched for a certain IP using the Search option, all the records related to the searched IP
will be downloaded.


Purge: This option allows you to delete the vCenter and ESXi Mapping Data. You can 
delete the data from the following sources: 
- File Data Source
- Map Scan Data Source


Delete: This option allows you to delete the selected mapping records from vCenter and
ESXi Mapping Data. Select the records to be deleted and click Delete from the Actions
drop-down.
Launch scans
Now you are ready to launch a scan on your ESXi hosts through vCenter.


Launch a scan like any other scan and for your target hosts choose your ESXi assets by
selecting IP addresses, asset groups, or asset tags. The authenticated scanning occurs for
the ESXi IP addresses defined in your authentication record.


Appendix A - Using a map from a VMware administrator


1. Obtain a vCenter map generated by your VMware administrator in CSV format.
See Requirements for map file.


2. Open the file and verify the file only contains the columns: vCenter Name, vCenter IP,
ESXi System Name, Department, Location, LOB, System Type, ESXi IP, OS Long, OS
Short, Port.


Sample map file (first columns):
vCenter Name | vCenter IP | ESXi System Name | Department | Location | LOB | System Type | ESXi IP
VMware vCenter 6.5 | 10.10.1.100 | VMware ESXi 6.5 | IT | CA | CHANNELS | symc-csm-AssetSystem-Asset- VMware- | 10.11.70.100


3. Upload the map file. To upload the file, go to Scans » Authentication » New » VMware...
» vCenter Mapping Upload. Select the map file in CSV format, and click Upload.


4. Refer to the section Register and organize vCenter and ESXi Assets for the remaining
steps.


Requirements for map file 
1. The vCenter map file has 2 required columns that can be in any order:

- vCenter IP
- ESXi IP

2. Additional columns are optional and can be in any order: vCenter Name, ESXi System
Name, Department, Location, LOB, System Type, OS Long, OS Short, Port

3. Column names are case sensitive
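
A pre-upload check for the map file requirements listed above, as an added example (not Qualys code). The function name, the sample files and the rule that one ESXi IP is listed under a single vCenter are assumptions of this example.

```python
import csv
import io
import ipaddress

# Column names from "Requirements for map file"; header matching is case sensitive.
REQUIRED = ("vCenter IP", "ESXi IP")
OPTIONAL = ("vCenter Name", "ESXi System Name", "Department", "Location",
            "LOB", "System Type", "OS Long", "OS Short", "Port")

# Constructed sample files (not taken from a real environment).
GOOD_MAP = (
    "vCenter Name,vCenter IP,ESXi System Name,ESXi IP,Port\n"
    "vc-a,10.10.1.100,esx-a1,10.11.70.100,443\n"
    "vc-a,10.10.1.100,esx-a2,10.11.70.101,443\n"
)
BAD_HEADER = "\ufeffvcenter ip,ESXi IP,Owner\n10.10.1.100,10.11.70.100,ops\n"
BAD_ROWS = (
    "vCenter IP,ESXi IP\n"
    "10.10.1.100,10.11.70.300\n"
    "10.10.1.100,10.11.70.100\n"
    "10.10.1.101,10.11.70.100\n"
)


def validate_map_csv(text):
    """Return a list of problems in a vCenter-ESXi map file; an empty list means OK."""
    problems = []
    # Spreadsheet exports often prepend a UTF-8 byte order mark, which would
    # otherwise become part of the first column name.
    rows = csv.reader(io.StringIO(text.lstrip("\ufeff")))
    header = next(rows, None)
    if not header:
        return ["file has no header row"]

    allowed = set(REQUIRED) | set(OPTIONAL)
    folded = {name.lower(): name for name in allowed}
    for col in header:
        if col in allowed:
            continue
        exact = folded.get(col.strip().lower())
        if exact:
            problems.append(f"header {col!r} must be written exactly as {exact!r}")
        else:
            problems.append(f"unexpected column {col!r}")
    for col in sorted({c for c in header if header.count(c) > 1}):
        problems.append(f"column {col!r} appears more than once")
    missing = [name for name in REQUIRED if name not in header]
    problems.extend(f"required column {name!r} is missing" for name in missing)
    if missing:
        return problems  # rows cannot be checked without both IP columns

    vc_col, esx_col = header.index("vCenter IP"), header.index("ESXi IP")
    owner = {}  # ESXi IP -> vCenter IP first seen for it
    for row in rows:
        line_no = rows.line_num
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        if len(row) != len(header):
            problems.append(f"line {line_no}: expected {len(header)} fields, got {len(row)}")
            continue
        parsed = []
        for name, col in (("vCenter IP", vc_col), ("ESXi IP", esx_col)):
            try:
                parsed.append(ipaddress.ip_address(row[col].strip()))
            except ValueError:
                problems.append(f"line {line_no}: {name} {row[col]!r} is not an IP address")
        if len(parsed) != 2:
            continue
        vcenter, esxi = parsed
        # Assumption of this example: one ESXi host is listed under one vCenter.
        if owner.setdefault(esxi, vcenter) != vcenter:
            problems.append(
                f"line {line_no}: ESXi {esxi} is already mapped to vCenter {owner[esxi]}")
    return problems


if __name__ == "__main__":
    for label, sample in (("good", GOOD_MAP), ("bad header", BAD_HEADER),
                          ("bad rows", BAD_ROWS)):
        print(label, validate_map_csv(sample) or "OK")
```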
Appendix B - API Support


We provide API support for running scans through vCenter. 
API: VMware Authentication Record | Option Profile | Discovery Scan | Compliance Scan 




VMware Authentication Record 


To create a vCenter record using API, you need to first define the vCenter - ESXi mappings 
using the UI. Currently defining the mappings using API is not supported. 


Sample - Create VMware Authentication Record with Use vCenter option 
API request: 


curl -H "X-Requested-With:curl demo2" -u "user:password" -d \
"action=create&title=VmWare-VCenter-Auth-API&ips=10.10.10.110&login_type=vcenter&port=80" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-06-28T07:43:58Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>179933</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - List VMware Authentication Record with Use vCenter option 
API request: 


curl -H "X-Requested-With:curl demo2" -u "user:password" -d \
"action=list&ids=179933" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_VMWARE_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/auth_vmware_list_output.dtd">
<AUTH_VMWARE_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-06-28T07:44:32Z</DATETIME>
    <AUTH_VMWARE_LIST>
      <AUTH_VMWARE>
        <ID>179933</ID>
        <TITLE><![CDATA[VmWare-VCenter-Auth-API]]></TITLE>
        <PORT>80</PORT>
        <SSL_VERIFY><![CDATA[all]]></SSL_VERIFY>
        <IP_SET>
          <IP>10.10.10.110</IP>
        </IP_SET>
        <LOGIN_TYPE><![CDATA[vcenter]]></LOGIN_TYPE>
        <NETWORK_ID>20</NETWORK_ID>
        <CREATED>
          <DATETIME>2018-06-28T07:43:58Z</DATETIME>
          <BY>user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2018-06-28T07:43:58Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_VMWARE>
    </AUTH_VMWARE_LIST>
  </RESPONSE>
</AUTH_VMWARE_LIST_OUTPUT>


Sample - Create vCenter Authentication Record with Basic Authentication option 
API request: 


curl -H "X-Requested-With:curl demo2" -u "user:password" -d \
"action=create&title=VCenter-Auth-Create API&ips=10.10.10.110&login_type=basic&port=80&username=username&password=password" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-06-28T07:47:47Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>179973</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - List vCenter Authentication Record with Basic Authentication option 
API request: 


curl -H "X-Requested-With:curl demo2" -u "user:password" -d \
"action=list&ids=179973" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_VCENTER_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/auth_vcenter_list_output.dtd">
<AUTH_VCENTER_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-06-28T07:48:13Z</DATETIME>
    <AUTH_VCENTER_LIST>
      <AUTH_VCENTER>
        <ID>179973</ID>
        <TITLE><![CDATA[VCenter-Auth-Create API]]></TITLE>
        <USERNAME><![CDATA[username]]></USERNAME>
        <PORT>80</PORT>
        <SSL_VERIFY><![CDATA[none]]></SSL_VERIFY>
        <IP_SET>
          <IP>10.10.10.110</IP>
        </IP_SET>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <NETWORK_ID>20</NETWORK_ID>
        <CREATED>
          <DATETIME>2018-06-28T07:47:47Z</DATETIME>
          <BY>user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2018-06-28T07:47:47Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_VCENTER>
    </AUTH_VCENTER_LIST>
  </RESPONSE>
</AUTH_VCENTER_LIST_OUTPUT>

Sample - Create VMware Authentication Record with Disconnected ESXi Hosts
API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d \
"action=create&title=NewVMwareRecordWithAPI&login_type=vcenter&ips=10.11.12.13&is_disconnect=1" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-11-03T12:09:53Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>1344231</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Update VMware Authentication Record with Disconnected ESXi Hosts

In this sample, we are updating an existing VMware authentication record to specify that
ESXi hosts are disconnected.

API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d \
"action=update&ids=1344232&is_disconnect=1" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-11-03T12:19:41Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <ID_SET>
          <ID>1344232</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


List VMware Authentication Records 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X "POST" -d \
"action=list&details=All" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_VMWARE_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/auth_vmware_list_output.dtd">
<AUTH_VMWARE_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2021-11-22T07:32:21Z</DATETIME>
    <AUTH_VMWARE_LIST>
      <AUTH_VMWARE>
        <ID>409187</ID>
        <TITLE><![CDATA[VMware Basic]]></TITLE>
        <USERNAME><![CDATA[root]]></USERNAME>
        <PORT>443</PORT>
        <SSL_VERIFY><![CDATA[skip]]></SSL_VERIFY>
        <IP_SET>
          <IP>10.20.30.40</IP>
        </IP_SET>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <NETWORK_ID>0</NETWORK_ID>
        <CREATED>
          <DATETIME>2020-01-23T07:55:13Z</DATETIME>
          <BY>joe_user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2020-01-23T07:55:13Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_VMWARE>
      <AUTH_VMWARE>
        <ID>1344231</ID>
        <TITLE><![CDATA[VMware Disconnected Disabled]]></TITLE>
        <PORT>443</PORT>
        <IP_SET>
          <IP>10.11.12.13</IP>
        </IP_SET>
        <LOGIN_TYPE><![CDATA[vcenter]]></LOGIN_TYPE>
        <DISCONNECTED_ESXI>0</DISCONNECTED_ESXI>
        <NETWORK_ID>0</NETWORK_ID>
        <CREATED>
          <DATETIME>2021-11-03T12:09:53Z</DATETIME>
          <BY>joe_user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2021-11-10T13:11:23Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_VMWARE>
      <AUTH_VMWARE>
        <ID>1344232</ID>
        <TITLE><![CDATA[VMware Disconnected Enabled]]></TITLE>
        <PORT>443</PORT>
        <IP_SET>
          <IP>8.9.10.11</IP>
        </IP_SET>
        <LOGIN_TYPE><![CDATA[vcenter]]></LOGIN_TYPE>
        <DISCONNECTED_ESXI>1</DISCONNECTED_ESXI>
        <NETWORK_ID>0</NETWORK_ID>
        <CREATED>
          <DATETIME>2021-11-03T12:16:36Z</DATETIME>
          <BY>joe_user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2021-11-10T13:10:17Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_VMWARE>
    </AUTH_VMWARE_LIST>
    <GLOSSARY>
      <USER_LIST>
        <USER>
          <USER_LOGIN>joe_user</USER_LOGIN>
          <FIRST_NAME>Joe</FIRST_NAME>
          <LAST_NAME>User</LAST_NAME>
        </USER>
      </USER_LIST>
    </GLOSSARY>
  </RESPONSE>
</AUTH_VMWARE_LIST_OUTPUT>
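
A coverage check built on the list output above and the vCenter-ESXi mapping data, as an added example (not Qualys code): it reports ESXi IPs that are mapped but appear in no record with login type vcenter, and IPs in such records that have no mapping. The sample XML, the mapping pairs, the function names and the report keys are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the "List VMware Authentication Records"
# output (only the elements used below); IDs and titles are made up.
SAMPLE_AUTH_LIST = """<?xml version="1.0" encoding="UTF-8" ?>
<AUTH_VMWARE_LIST_OUTPUT><RESPONSE><AUTH_VMWARE_LIST>
  <AUTH_VMWARE>
    <ID>101</ID><TITLE><![CDATA[ESXi via vCenter]]></TITLE>
    <IP_SET><IP>10.10.34.196</IP></IP_SET>
    <LOGIN_TYPE><![CDATA[vcenter]]></LOGIN_TYPE>
    <DISCONNECTED_ESXI>0</DISCONNECTED_ESXI>
  </AUTH_VMWARE>
  <AUTH_VMWARE>
    <ID>102</ID><TITLE><![CDATA[ESXi direct]]></TITLE>
    <IP_SET><IP>10.10.34.108</IP></IP_SET>
    <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
  </AUTH_VMWARE>
  <AUTH_VMWARE>
    <ID>103</ID><TITLE><![CDATA[ESXi disconnected]]></TITLE>
    <IP_SET><IP>10.10.36.69</IP><IP>10.11.70.115</IP></IP_SET>
    <LOGIN_TYPE><![CDATA[vcenter]]></LOGIN_TYPE>
    <DISCONNECTED_ESXI>1</DISCONNECTED_ESXI>
  </AUTH_VMWARE>
</AUTH_VMWARE_LIST></RESPONSE></AUTH_VMWARE_LIST_OUTPUT>"""

# Constructed (vCenter IP, ESXi IP) pairs, as they would appear in the mapping CSV.
SAMPLE_MAPPING = [
    ("10.10.34.104", "10.10.34.196"),
    ("10.10.34.104", "10.10.34.108"),
    ("10.10.36.209", "10.10.36.69"),
]


def load_auth_records(xml_text):
    """Parse AUTH_VMWARE records into dicts.

    Only <IP> entries are read (the form shown on this page); any other
    children of IP_SET are ignored by this example.
    """
    records = []
    for rec in ET.fromstring(xml_text).iter("AUTH_VMWARE"):
        records.append({
            "id": rec.findtext("ID", default="").strip(),
            "login_type": rec.findtext("LOGIN_TYPE", default="").strip(),
            # A missing DISCONNECTED_ESXI element is treated as 0 (assumption).
            "disconnected": rec.findtext("DISCONNECTED_ESXI", default="0").strip() == "1",
            "ips": {ipaddress.ip_address(ip.text.strip())
                    for ip in rec.iterfind("IP_SET/IP")},
        })
    return records


def coverage_report(mapping_pairs, records):
    """Compare mapped ESXi IPs with the IPs held by vcenter-type records."""
    mapped = {ipaddress.ip_address(esxi) for _vcenter, esxi in mapping_pairs}
    via_vcenter, disconnected = set(), set()
    for rec in records:
        if rec["login_type"] == "vcenter":
            via_vcenter |= rec["ips"]
            if rec["disconnected"]:
                disconnected |= rec["ips"]

    def as_text(ips):
        return [str(ip) for ip in sorted(ips)]

    return {
        # In the mapping, but no "Use vCenter" record lists the IP.
        "mapped_without_vcenter_record": as_text(mapped - via_vcenter),
        # Record says "Use vCenter", but no vCenter is mapped to the IP.
        "vcenter_record_without_mapping": as_text(via_vcenter - mapped),
        # Records with DISCONNECTED_ESXI set to 1.
        "scanned_only_through_vcenter": as_text(disconnected),
    }


if __name__ == "__main__":
    report = coverage_report(SAMPLE_MAPPING, load_auth_records(SAMPLE_AUTH_LIST))
    for key, ips in report.items():
        print(f"{key}: {', '.join(ips) or 'none'}")
```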
Option Profile


The vCenter map authentication option in the option profile, required to run an
automated discovery scan (map) of ESXi hosts, can be set using the option profile API
(import/export). (This automated discovery scan is supported using Qualys (VM, PC)
version 8.14 and later.)


Option Profile API (import/export)


URL: <platformURL>/api/2.0/fo/subscription/option_profile/


DTD for import/export data:
<platformURL>/api/2.0/fo/subscription/option_profile/option_profile_info.dtd


The <MAP_AUTHENTICATION> tag can be set to: VMware-ESXi (i.e. ESX/ESXi
authentication for guest discovery), vCenter (i.e. vCenter authentication for ESX/ESXi host
discovery) or none.

Sample - Map Authentication - vCenter authentication for ESX/ESXi host discovery 


API request: 


curl -H "X-Requested-With:curl demo2" -u "USERNAME:PASSWORD" \
-H "Content-Type:text/xml" --data-binary "@/root/myfile.xml" \
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/?action=import"


Note - "myfile.xml" contains the request POST data.


Request POST data:


</VULNERABILITY_DETECTION>
<ADDL_CERT_DETECTION>0</ADDL_CERT_DETECTION>
<DISSOLVABLE_AGENT>
  <DISSOLVABLE_AGENT_ENABLE>0</DISSOLVABLE_AGENT_ENABLE>
  <WINDOWS_SHARE_ENUMERATION_ENABLE>0</WINDOWS_SHARE_ENUMERATION_ENABLE>
</DISSOLVABLE_AGENT>
</SCAN>
<MAP>
  <BASIC_INFO_GATHERING_ON>all</BASIC_INFO_GATHERING_ON>
  <TCP_PORTS>
    <TCP_PORTS_STANDARD_SCAN>1</TCP_PORTS_STANDARD_SCAN>
  </TCP_PORTS>
  <UDP_PORTS>
    <UDP_PORTS_STANDARD_SCAN>1</UDP_PORTS_STANDARD_SCAN>
  </UDP_PORTS>
  <MAP_OPTIONS>
    <PERFORM_LIVE_HOST_SWEEP>1</PERFORM_LIVE_HOST_SWEEP>
    <DISABLE_DNS_TRAFFIC>0</DISABLE_DNS_TRAFFIC>
  </MAP_OPTIONS>
  <MAP_PERFORMANCE>
    <OVERALL_PERFORMANCE>Custom</OVERALL_PERFORMANCE>
    <MAP_PARALLEL>
      <EXTERNAL_SCANNERS>4</EXTERNAL_SCANNERS>
      <SCANNER_APPLIANCES>4</SCANNER_APPLIANCES>
      <NETBLOCK_SIZE>65536 IPs</NETBLOCK_SIZE>
    </MAP_PARALLEL>
    <PACKET_DELAY>Long</PACKET_DELAY>
  </MAP_PERFORMANCE>
  <MAP_AUTHENTICATION>vCenter</MAP_AUTHENTICATION>
</MAP>
<ADDITIONAL>
  <HOST_DISCOVERY>
    <TCP_PORTS>
      <STANDARD_SCAN>1</STANDARD_SCAN>


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-05-03T08:33:58Z</DATETIME>
    <TEXT>Successfully imported Option profile for the subscription Id nnnnnn</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>329725</KEY>
        <VALUE>OP for vCenter authentication for ESX/ESXi host discovery</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
Discovery Scan


You can launch, list, cancel and delete discovery scans (map) using the Map API as 
described in Qualys API documentation. 


Sample - Launch map 
API request: 


https://qualysapi.qualys.com/msp/map-2.php?domain=none:[10.10.34.104,10.10.36.209]&option=vCenter+auth+for+ESX/ESXi+host+discovery&iscanner_name=hg2&save_report=yes


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE MAPREPORT SYSTEM
"https://qualysapi.qualys.com/map_report.dtd">
<MAPREPORT>
  <HEADER>
    <DOMAIN>none:[10.10.34.104,10.10.36.209]</DOMAIN>
    <NETWORK>Global Default Network</NETWORK>
    <USERNAME>acme_bb2</USERNAME>
    <REPORT_TEMPLATE><![CDATA[Map Results]]></REPORT_TEMPLATE>
    <REPORT_TITLE><![CDATA[Map Results]]></REPORT_TITLE>
    <MAP_RESULT_LIST>
      <MAP_RESULT>
        <MAP_RESULT_TITLE><![CDATA[vCenter host discovery scan]]></MAP_RESULT_TITLE>
        <MAP_DATE>2018-07-27T19:55:41Z</MAP_DATE>
        <OPTION_PROFILE><![CDATA[vCenter auth for ESX/ESXi host discovery]]></OPTION_PROFILE>
        <MAP_REFERENCE>map/1532721306.63739</MAP_REFERENCE>
      </MAP_RESULT>
    </MAP_RESULT_LIST>
  </HEADER>
  <HOST_LIST>
    <HOST>
      <IP network_id="0">10.10.34.104</IP>
      <HOSTNAME><![CDATA[]]></HOSTNAME>
      <NETBIOS><![CDATA[COMVCENTER55]]></NETBIOS>
      <ROUTER>10.10.0.10</ROUTER>
      <OS>Windows Vista / Windows 2008 / Windows 7 / Windows 2012 / Windows 8 / Windows 10</OS>
      <APPROVED>0</APPROVED>
      <SCANNABLE>1</SCANNABLE>
      <IN_NETBLOCK>1</IN_NETBLOCK>
      <LIVE>1</LIVE>
      <DISCOVERY_LIST>
        <DISCOVERY>
          <DISCOVERY_NAME>ICMP</DISCOVERY_NAME>
          <PORT></PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>TCP</DISCOVERY_NAME>
          <PORT>80</PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>TCP</DISCOVERY_NAME>
          <PORT>88</PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>TCP</DISCOVERY_NAME>
          <PORT>135</PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>TCP</DISCOVERY_NAME>
          <PORT>139</PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>TCP</DISCOVERY_NAME>
          <PORT>443</PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>TCP</DISCOVERY_NAME>
          <PORT>445</PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>TCP</DISCOVERY_NAME>
          <PORT>1433</PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>UDP</DISCOVERY_NAME>
          <PORT>137</PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>TCP RST</DISCOVERY_NAME>
          <PORT></PORT>
        </DISCOVERY>
        <DISCOVERY>
          <DISCOVERY_NAME>https</DISCOVERY_NAME>
          <PORT></PORT>
        </DISCOVERY>
      </DISCOVERY_LIST>
      <ESXI_LIST>
        <ESXI>10.10.34.196</ESXI>
        <ESXI>10.10.34.108</ESXI>
      </ESXI_LIST>
    </HOST>


Compliance Scan 


You can launch, list, cancel and delete compliance scans using the Compliance Scan API 
as described in Qualys API documentation. 


Sample - Launch compliance scan 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d \
"action=launch&asset_group_ids=1234&iscanner_name=iscanS&option_title=My+Option+Profile&echo_request=1" \
"https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-07-15T21:55:36Z</DATETIME>
    <TEXT>New compliance scan launched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>18198</VALUE>
      </ITEM>
      <ITEM>
        <KEY>REFERENCE</KEY>
        <VALUE>compliance/1443996555.12121</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>